Use ~p verified routes instead of string paths in navbar template.
Update can_access_page? to handle both string and verified route paths
for better type safety.
Extract format_error and permission_set_badge_class functions into
MvWeb.RoleLive.Helpers module to eliminate code duplication between
Index and Show LiveViews.
Add actor and domain parameters to recalculate_user_count and
load_user_count to ensure consistent authorization. Clarify that
load_user_count is for initial display while recalculate_user_count
is for fresh count before deletion.
Add actor parameter to load_user_counts and recalculate_user_count
in Index LiveView to ensure consistent authorization and policy
enforcement. Also add domain parameter for clarity.
Move duplicate ensure_user_role_loaded logic into MvWeb.LiveHelpers
on_mount hook to eliminate code duplication across RoleLive modules
and centralize security-related user role loading.
- Convert Settings menu item to dropdown (similar to Contributions)
- Add Global Settings and Roles as sub-items
- Update German translations: 'Global Settings' and 'Roles'
- Add Users column showing number of users assigned to each role
- Load user counts efficiently in single query to avoid N+1
- Similar implementation to membership fee types member count
- Add text labels to Edit and Delete buttons in index page
- Change button size from btn-xs to btn-sm for better visibility
- Add Delete button to show page for non-system roles
- Implement handle_event for delete in show page
- Add format_error helper to show page
Add complete CRUD interface for role management under /admin/roles.
- Index page with table showing name, description, permission_set_name, is_system_role
- Show page for role details
- Form component for create/edit with permission_set_name dropdown
- System role badge and disabled delete button
- Flash messages for success/error
- Authorization checks using MvWeb.Authorization helpers
- Comprehensive test coverage (22 tests)
Routes added under /admin scope. All LiveViews load user role
for authorization checks. Form uses custom dropdown for permission sets.
Implement MvWeb.Authorization module with can?/3 and can_access_page?/2
functions for conditional rendering in LiveView templates.
- can?/3 supports both resource atoms and record structs with scope checking
- can_access_page?/2 checks page access permissions
- All functions use PermissionSets module for consistency with backend
- Graceful handling of nil users and invalid permission sets
- Comprehensive test coverage with 17 test cases
Replace assign_new with assign for cycles and available_fee_types. Set regenerating flag at event start. Fix create_cycle parsing with explicit error handling. Use atomic bulk delete for all cycles. Improve delete confirmation robustness. Fix unless/else pattern for Credo compliance.
Arrange Paid/Suspended/Unpaid/Delete buttons side by side without wrapping.
Hide Suspend button when cycle is already suspended, matching behavior
of Paid and Unpaid buttons.
